Password Security with Javascript

‘JavaScript’ and ‘security’ aren’t two words that often go together, except as a punch line or a post on The Daily WTF.  However, JavaScript is less limited than many think, and when combined with a bit of server-side code it can implement a standard challenge-response authentication scheme that degrades gracefully when the client doesn’t support JavaScript: the server issues a one-time nonce, the client returns a keyed hash of that nonce using a key derived from the password, and the password itself never crosses the wire.  The problem is that a number of realities of the web make standard authentication systems difficult to apply and less than ideal, and any modification to a standard scheme requires careful cryptanalysis, since even very minor mistakes or subtle changes can have significant consequences.

SSL is, of course, the ideal solution for encryption on the web.  Where a good JavaScript-based approach could make an impact is in web apps meant to be deployed by end users.  Blogs, bulletin boards, wikis, photo-sharing apps… these all commonly have, at minimum, an admin interface, and many support user accounts.  They are also often deployed on shared hosting, where SSL is expensive if it is offered at all.  A JavaScript authentication library that has been vetted by security experts could make a difference in this space, offering a step above simply sending passwords in plaintext (against passive eavesdropping, at least; an attacker who can modify the page can still strip the script).  The difficult part wouldn’t be coding the library, but ensuring compatibility and correctness in a variety of environments.

Any security geeks interested in giving this a shot?